<?php

	class security
	{

		var $id		= null;
		var $auth	= false;
		var $dtls	= array();

		function security()
		{

			@session_start();

			$this->id	= session_id();


		}

		function check_auto_login()
		{

			if($this->auth == false)
			{

				if(isset($_COOKIE['auto_login']) && !empty($_COOKIE['auto_login']))
				{

					$session_sec	= $_COOKIE['auto_login'];

					$sql	= $this->framework->_pq("SELECT member_id FROM #__member WHERE session_id_enc = '$session_sec' AND member_active = '1' AND member_approved = '1'");
					$result	= mysql_query($sql) or die(mysql_error());

					if(mysql_num_rows($result) === 1)
					{

						if($this->create_authentication(mysql_result($result, 0, 0)))
						{

							$this->create_auto_login();

							header('location: '. $_SERVER['REQUEST_URI']);

						}

					}
					else
					{

						$this->kill_auto_login();

					}

				}

			}

			return false;

		}

		function create_authentication($member_id)
		{

			// Firstly retrieve the members details
			$sql	= $this->framework->_pq("SELECT member_username, member_email, pref_imdb_window FROM #__member WHERE member_active = '1' AND member_id = '%s'", $member_id);
			$result	= mysql_query($sql);

			if(mysql_num_rows($result) == 1 && list($username, $email, $imdb_window) = mysql_fetch_row($result))
			{

				$where_is	= 'index.php?'. $_SERVER['QUERY_STRING'];

				$sql	= $this->framework->_pq("INSERT INTO #__session (session, session_created, session_last_action, session_active, member_id, session_where_is) VALUES ('%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '1', '%s', '%s');", $this->id, $member_id, $where_is);
				$result	= mysql_query($sql);

				if($result)
				{

					// update the members details
					$sql	= $this->framework->_pq("UPDATE `#__member` SET `last_login` = UNIX_TIMESTAMP() WHERE `member_id` = %s", $member_id);
					$result	= mysql_query($sql) or die(mysql_error());

					$this->dtls['id']		= $member_id;
					$this->dtls['username']	= $username;
					$this->dtls['email']	= $email;
					$this->dtls['pref']['imdb_window'] = $imdb_window;

					$this->auth = true;
					return true;

				}
			}

			return false;

		}

		function create_auto_login()
		{

			if($this->auth)
			{

				$dtls			= $this->dtls;
				$session_enc	= md5($this->id);
				$month			= 2678400; // Seconds in month (3600 * 24 * 31)

				setcookie('auto_login', $session_enc, time() + $month, '/');

				$sql	= $this->framework->_pq("UPDATE #__member SET session_id_enc = '%s' WHERE member_id = '%s'", $session_enc, $dtls['id']);
				$result	= mysql_query($sql) or die(mysql_error());

			}

		}

		function distroy_authentication()
		{

			$sql	= $this->framework->_pq("UPDATE #__session SET session_active = '0'");
			$result	= mysql_query($sql) or die(mysql_error());

			$_SESSION = array();
			unset($_SESSION);

			if(isset($_COOKIE[session_name()]))
			{

				setcookie(session_name(), '', time() - 42000, '/');

			}

			if(isset($_COOKIE['auto_login']))
			{

				$this->kill_auto_login();

			}

			return mysql_affected_rows() > 0 && session_destroy() ? true : false;

		}

		function get_authentication()
		{

			$sql	= $this->framework->_pq("SELECT member_id FROM #__session WHERE session = '%s' AND session_active = '1' ORDER BY session_last_action DESC LIMIT 1", $this->id);
			$result = mysql_query($sql) or die(mysql_error());

			if(mysql_num_rows($result) == 1 && $row = mysql_fetch_array($result))
			{

				$this->dtls['id'] = $row['member_id'];

				// Firstly retrieve the members details
				$sql	= $this->framework->_pq("SELECT member_username, member_email, pref_imdb_window FROM #__member WHERE member_active = '1' AND member_id = '%s'", $row['member_id']);
				$result	= mysql_query($sql);

				if(mysql_num_rows($result) == 1 && list($username, $email, $imdb_window) = mysql_fetch_row($result)) {
					$this->dtls['username']	= $username;
					$this->dtls['email']	= $email;
					$this->dtls['pref']['imdb_window'] = $imdb_window;
				}

				$where_is	= 'index.php?'. $_SERVER['QUERY_STRING'];

				// Update the last action time
				$sql	= $this->framework->_pq("UPDATE #__session SET session_last_action = UNIX_TIMESTAMP(), session_where_is = '%s' WHERE member_id = %s AND session = '%s'", $where_is, (int)$row[0], $this->id);
				$result	= mysql_query($sql) or die(mysql_error());

				$this->auth	= true;
				return true;

			}

			return false;

		}

		function kill_auto_login()
		{

			setcookie('auto_login', null, time() - 42000, '/');

		}

	}

?>
